Jack Barsky’s Keynote Speech at InfoSec Nashville 2017

The 17th annual InfoSec Nashville conference was held on September 19, 2017, at the Music City Center. In the keynote address, Jack Barsky shares his experience as a KGB agent and his concern about the lack of awareness of cyber security dangers among most Americans.

The InfoSec Nashville 2017 podcast is sponsored by FireEye cybersecurity and malware protection. FireEye analyzes the whole security operations lifecycle to detect and prevent possible cyber attacks. For more information, visit fireeye.com.


[PODCAST] Michael Mangold strategizes for networking and community growth at InfoSec Nashville

On September 19, 2017, information security professionals from around the world will converge upon Nashville’s Music City Center for the InfoSec Nashville conference – a day of conversation focused on defense strategies for our most precious data.

The conference, which will feature two keynote speakers, 16 unique breakout sessions, and eight 20-minute flash sessions, is the product of a long planning process and community partnerships. In order to find headlining speakers, conference organizers relied on local advertising through ISSA and word-of-mouth, calling for interested speakers to send in presentation topics for review.

“It’s a way for those who are interested to send topics for review to be presented at the conference. We try to take into consideration everything from knowledge to speaking style to topic and try to create a diverse platform, so whether you’re more of a true techie, whether you’re concerned about incident response, or compliance concerns with your organization, we try to give a flavor of all those aspects of security,” said Michael Mangold, Vice President of Information Security for Tractor Supply Company and chair of InfoSec Nashville 2017.

In its 17th year, the conference relies on the community in its planning process, but also encourages participants to consider their roles in the city’s ever-growing “demand for not just skillsets, but tools and technologies,” Mangold said – a big draw for vendors.

“For me, it’s been fantastic seeing the city transform and grow. I’m probably one of the few native Nashvillians here today, but through that growth, and the growth of the job market, we’ve been able to create a lot of opportunity in the technology industry. So that in turn draws a lot of top talent from across the country,” he said.

This expansion in the information security and technology industries is a natural result of Nashville’s health care background, which allows for cooperative development of innovation in problem-solving strategies.

“When you think about the growth and the capabilities these companies provide, it’s new ways of exposing information, which means you also have to protect it. I think the innovation, the creativity of the solutions being delivered offers a new challenge for protecting information,” Mangold said.

In addition to a roll of expert speakers, prizes and delicious food, InfoSec Nashville 2017 attendees can expect “a lot of energy and excitement” at the conference, as well as a chance to connect with old contacts and network with new ones.

“It’s a great networking opportunity, seeing people you know in the community and meeting new individuals,” he said.

In an industry where companies face constant challenges in protecting themselves, their brands, their reputations and their finances, sharing knowledge and participating in information security’s burgeoning community can be key to keeping up the fight.

“Information security is a very interesting field. You feel like you’re always playing defense against the bad guys. And as the threats continue to evolve, it becomes harder,” he said. “Being able to get together with a group and talk about types of attacks, how companies are either protecting or putting plans in place, I think the more you share with your peers, the more successful you’ll be.”

Michael Mangold is the conference chair of InfoSec Nashville, which will be held on September 19, 2017 at the Music City Center. Register now to attend the conference.


[PODCAST] Speakers, sponsors and attendees share their expertise at InfoSec Nashville 2017

On September 19, 2017, information security professionals from around the world converged on Nashville’s Music City Center for the 17th annual InfoSec Nashville conference – a day of conversation focused on defense strategies for our most precious data. The conference featured two keynote speakers, 16 unique breakout sessions, and eight 20-minute flash sessions.

Speakers, sponsors and attendees were invited to sit for an interview in the Podcast Lounge sponsored by FireEye cybersecurity and malware protection. FireEye analyzes the whole security operations lifecycle to detect and prevent possible cyber attacks.

Listen to their stories to hear a sample of what people experienced at InfoSec Nashville 2017.

Tenable’s BJ Withrow discusses the most recent major breaches in the information security industry, as well as the importance of “good cyber hygiene.”

Adrian Sanabria of Savage Security shares memorable experiences from his time in the information security industry.

Founder of the ISSA Nashville chapter and CEO of LBMC Information Security Thomas Lewis goes into detail about what really happened in the recent major information breach at Equifax, and why focusing on authentication is important when protecting your personal information.

Gene Loye of Innovative Network Technologies stresses the importance of being a “Value Added Reseller” in the information security industry.

AJ Bahou of Bahou Law explains how blockchain will revolutionize the information security industry.

Mark Burnette of LBMC Information Security discusses why business executives should see cyber security as risk management, not as compliance.

Jack Daniel of Tenable discusses making connections through the Security BSides event series and some history of information security.

Kyle Bubp of Savage Security reinforces the importance of building company-wide relationships with security teams and finding guidance within compliance frameworks.

Susan Richards of Change Healthcare gives a behind-the-scenes look at InfoSec Nashville and the process of building an information security community.

Ben Henderson of FireEye discusses why everyone should have a proactive approach to information security, not a reactive one.

Marci McCarthy of TEN and ISE explains why emotional intelligence is key for information security leaders, especially during crisis management situations.


[PODCAST] Jack Barsky illustrates how to prevent the unwinnable cyber war at InfoSec Nashville

When Jack Barsky talks information security, it would be an understatement to say that he knows what he’s talking about.

The “doubly-retired” former KGB agent and retired information security specialist will be delivering a keynote presentation at the upcoming InfoSec Nashville conference on September 19, 2017, where he plans to share his experiences with the three critical issues facing the information security industry today.

The first of these problems is something that Barsky says can escalate much more quickly than people expect: senior management teams that discount or don’t understand the importance of infosec threats.

“I truly sympathize with folks who work in the trenches, who very often are not known to even be doing work because it’s only when something breaks that people point fingers saying, ‘What did you do about security?’” Barsky said. “But when everything is smooth and people are successful at fighting viruses and setting up firewalls and all that, nobody pays attention. It’s not sexy to the corporation; it’s not sexy to people who are just users of IT.”

Senior management teams are far from alone in this lack of awareness, however, Barsky notes in his second point. Despite information security’s recent exposure as a hot political topic, the public at large does not seem to be well-educated about the dangers we face even in our day-to-day lives.

Referencing last year’s presidential election, Barsky says, “I thought this might be a good time to raise public awareness about these issues, and I think we just blew a great opportunity to do so. Based on what I know, what I see, and what I’ve observed for a long time is there’s a tremendous lack of awareness amongst the American public, all of whom are nowadays users of technology, about the dangers lurking in cyberspace.”

While so much of the awareness that does exist focuses on dangers outside of the country, insider threats – social engineering, falsified backgrounds and stolen identities – are just as present, though often ignored, Barsky said about his third concern.

“If there’s a World War III that’s fought with nuclear weapons, nobody’s going to win. And I believe that if there’s a serious cyberwar that happens, I’m not sure anybody could win that one either,” he said.

Though the solutions to some of these problems are difficult, Barsky said, they are luckily not impossible. The first involves filling the gaps in awareness that seem to permeate society.

“We need to, as an information security community, find ways to band together and make this a priority, educating the American public, because this thing, this cyberwar – as most of the attendees know – is dangerous as hell,” he said.

And the second means reinforcing to senior management that information security is worth the time, money and interest, even if it might not seem so glamorous. This often requires a change in attitude.

“Communication is a two-way street. You’ve got to have somebody who can actually convey the message and somebody else who is willing to listen. And if your partner does not listen, then unfortunately, you can do all the communicating you can muster and it’s not getting anywhere,” Barsky said.

Once those conversations have been had, it’s up to the company, Barsky said, to rise to the challenge, going above and beyond industry or legislative standards to make certain that information security is being maintained.

“The government cannot issue rules that apply to a wide set of organizations and enterprises and believe that they’ve got every threat covered. It’s impossible,” he said. “If you just check the boxes, that’s good and well, but you’ve got to do more to deal with the specific issues that you know you have. And that takes some courage.”

Jack Barsky will be giving a keynote address at InfoSec Nashville on September 19, 2017, at the Music City Center. Register now to attend the conference.


[PODCAST] Nir Zuk confronts gaps in the cyber security industry at InfoSec Nashville

For Nir Zuk, founder and CTO of Palo Alto Networks, building the future of information security is part of the day-to-day.

Zuk will be delivering a keynote presentation at the upcoming InfoSec Nashville conference on September 19, 2017, where he plans to delve into the financial side of information security and how the industry can strengthen the defense against cyber attacks.

The 1990s and early 2000s saw large investments in information security, stopping 90 percent of the attacks that occurred at the time, Zuk said. This was followed by a period of even greater investment in the mid-2000s, during which tens of billions of dollars stopped around 10 percent more cyber security issues.

Today, only about 1 percent of those cyber attacks pose a major threat to companies, but it’s unlikely that this last percent will be eliminated, Zuk said.

“What do we do to jump from 99 percent to 99.9 percent elimination of successful attacks? Are we going to invest 10 times more again, meaning are we going to invest hundreds of billions of dollars into a market that is $40 billion a year? Is it even feasible, or should we do something fundamentally different? I think the obvious answer is that we can’t do that,” he said. “We cannot go to that level of investment, and it’s clear that – without that level of investment – we’re not going to move much further than where we are today.”

While investing enough money to bridge the gap may not be feasible, there are other things that the information security industry can do to prevent major cyber attacks.

For instance, because many attacks are financially driven, increasing the number of attacks a hacker must stage to break through a company’s security also increases the cost to the orchestrator.

“In those cases, it’s not about stopping 100 percent of attacks, which is probably not something we’re going to get to. But it’s about making that attack much more expensive than what you can get out of the attack,” Zuk said.

In addition to directly confronting attacks, Zuk said that finding people to fill open positions in the information security industry could also benefit companies looking to improve their defenses.

“Right now in the U.S. there are over 250,000 open positions for infosec professionals. And it’s just getting worse and worse and worse,” he said. “What do we do? I can come up with the best technology ever, but if my customers don’t have anybody who can use it, then there’s no way for me to protect them.”

While more extensive education about information security would be a partial solution to this problem, Zuk said that what’s really needed is a change in the industry – especially a shift to focus more on technology.

“Given that attacks are automated, it’s not about how many people we have versus how many people they have. It’s how many people are required to deal with our infosec processes versus the capability of the bad guys to utilize automation and keep our infosec teams busy,” he said. “Of course, this is a war you’re not going to win. As long as we’re fighting machines with people, we’re not going to win.”

As a founder of one of the critical companies in cyber security, Zuk is helping lead the industry toward this automation, which he said he is optimistic to see develop over time.  

“I think that we’ve been picking the low-hanging fruit for the last 25 years. Yes, we’ve been going higher and higher in the tree, but we’re still very low. And now we have to start getting to points where we use way more technology and way more specialized technology and different attacks require different sets of technology,” he said.

Nir Zuk will be giving a keynote address at InfoSec Nashville on September 19, 2017, at the Music City Center. Register now to attend the conference.


[PODCAST] InfoSec Nashville 2016 Highlights Industry’s Latest Trends, Ideas

Security leaders, software developers and hackers gathered at the Nashville InfoSec 2016 conference to trade tips and learn about the latest trends in a rapidly evolving industry. Organized by the Middle Tennessee Chapter of the Information Systems Security Association, the annual conference served as a marketplace of ideas for innovators on the cutting edge of data security to share their thoughts with consumers and other companies.

Hear from some of the most influential participants in the industry as they share their thoughts on the latest trends and takeaways from the conference.

This year’s podcast is brought to you by Netskope, the leading cloud access security broker. Netskope gives IT the ability to find, understand, and secure cloud apps. Only Netskope empowers organizations to direct usage, protect sensitive data, and ensure compliance in real-time, on any device, for any cloud app so the business can move fast, with confidence.

Jay Bivens, Senior System Engineer at Netskope, discusses how companies can best protect customer data as more software is moved into cloud systems. With fundamental changes happening in how companies manage data, Netskope is trying to protect cloud data in a responsible and efficient manner.

Brian Moyer, new President and CEO of the Nashville Technology Council, discusses how healthcare companies can protect patient data. Moyer wants to continue to make Nashville a healthcare information technology innovator, setting the pace for the rest of the industry. He also shares his thoughts on what makes Nashville such a successful technology hub.

Kyle Bubp, Security Practice Lead at Veristor, gets inside the minds of hackers and reminds everyone that no individual is free from the dangers of data crime. Comparing black, white and gray hackers, Bubp blurs the line between research and harm when trying to find the best way to protect your data.

Eric Brown, Assistant Director of CEROC at Tennessee Tech, works as part of a team to educate students of all ages, from kindergarten through the professional world, on the ever-changing environment of cyber security. CEROC and founder Dr. Ambareen Siraj’s next big event is the Women in Cyber Security conference in Tucson, Arizona, on March 31-April 1, 2017.

Marci McCarthy, CEO and President of T.E.N., delivers the largest breakout session of the conference to discuss coming challenges for security officers in information technology. She details the rise of information security, the influence of blockbuster hacks like the DNC and what a conference of black hat hackers does to a hotel.

Ty Tyra, Information Security Engineer at LBMC Information Security, sees companies dropping their vigilance in preventing cyber attacks. With so many different breaches of large corporations, instead of ramping up security concerns, the general public is now desensitized to attacks. Tyra reminds everyone that diligence is their best defense.

John Beauchamp, Senior Manager of Risk Management at LifePoint Health, prepares his company for cyber attacks by running individuals through simulations to see how they react. The industry changes every day, and the best security experts learn from others in the industry.

Winn Schwartau, Founder and CEO of The Security Awareness Company, is not very impressed with the current state of cyber security. He puts the fun back into security awareness by taking an entertainment-based approach to his messaging. Attention spans are shrinking, and marketing strategies need to adjust.

The InfoSec Nashville 2016 podcast is sponsored by Netskope and is a production of Relationary Marketing, produced by Chuck Bryant and host Clark Buckner, edited and mixed by Jess Grommet, with production assistance from Kirk Bado.


[PODCAST] Ryan Olson Demystifies the Pragmatic Adversary at InfoSec Nashville

Palo Alto Networks Threat Intelligence Director Ryan Olson wants to take the fear out of Advanced Persistent Threats (APT) in network security.

“Small and medium businesses throw their hands up (when they hear APT) and think of this attacker as too advanced and too dangerous to defend against,” he said.

But that’s not always the case. Olson will be a keynote speaker at the 16th annual InfoSec Nashville conference on September 20, 2016, at the Music City Center. His presentation will center around his theory of the Pragmatic Adversary, his take on APT, which states that there is not some big complex machine persistently attempting to break into your network; it’s a living, breathing human.

“All of these attacks are launched by people – human beings with wives and kids and dogs and jobs. But more importantly, they have a boss who told them they need to go and accomplish this task,” he said.

Olson leads Unit 42, the intelligence team at Palo Alto Networks. In a nod to the big question at the heart of the novel Hitchhiker’s Guide to the Galaxy, Olson’s security team is named after the answer to the question of life, the universe and everything because security is at the heart of everything the company does.

At Palo Alto, Olson works with the notion that there is not a whole lot firms can do to prevent attacks from happening, but they can prevent the attacker from being successful.

“As defenders, we are constantly getting better networks to defend against attackers.”

Taking a multifaceted approach to network security is the only realistic way networks can prevent successful attacks. Using a system of malware prevention and information sharing, Olson called this the next generation firewall.

“It’s a prevention first posture for their network, not trying to detect and respond to attacks, but stop them from being successful in the first place.”

Ryan Olson will be giving a keynote address at InfoSec Nashville on Sept. 20, 2016, at the Music City Center. Tickets can be purchased here.